network: don't add "no-resolv" if we still need DNS servers from resolv.conf

It was pointed out here: https://bugzilla.redhat.com/show_bug.cgi?id=1331796#c4 that we shouldn't be adding a "no-resolv" to the dnsmasq.conf file for a network if there isn't any <forwarder> element that specifies an IP address but no qualifying domain. If there is such an element, it will handle all DNS requests that weren't otherwise handled by one of the forwarder entries with a matching domain attribute. If not, then DNS requests that don't match the domain of any <forwarder> would not be resolved if we added no-resolv. So, only add "no-resolv" when there is at least one <forwarder> element that specifies an IP address but no qualifying domain.
2024-07-03 16:42:37 +00:00 · 2017-03-17 12:25:43 -04:00 · 2017-03-17 12:25:43 -04:00 · 15b5902db9
commit 15b5902db9
parent f9144125b8
8 changed files with 61 additions and 2 deletions
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@ -1085,7 +1085,15 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
        virBufferAddLit(&configbuf, "port=0\n");

    if (wantDNS && network->def->dns.forwarders) {
-        virBufferAddLit(&configbuf, "no-resolv\n");
+        /* addNoResolv should be set to true if there are any entries
+         * that specify an IP address for requests, but no domain
+         * qualifier (implying that all requests otherwise "unclaimed"
+         * should be sent to that address). if it is still false when
+         * we've looked at all entries, it means we still need the
+         * host's resolv.conf for some cases.
+         */
+        bool addNoResolv = false;
+
        for (i = 0; i < network->def->dns.nfwds; i++) {
            virNetworkDNSForwarderPtr fwd = &network->def->dns.forwarders[i];

@ -1099,11 +1107,15 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
                    goto cleanup;
                virBufferAsprintf(&configbuf, "%s\n", addr);
                VIR_FREE(addr);
+                if (!fwd->domain)
+                    addNoResolv = true;
            } else {
                /* "don't forward requests for this domain" */
                virBufferAddLit(&configbuf, "#\n");
            }
        }
+        if (addNoResolv)
+            virBufferAddLit(&configbuf, "no-resolv\n");
    }

    if (network->def->domain) {
--- a/tests/networkxml2confdata/nat-network-dns-forwarder-no-resolv.conf
+++ b/tests/networkxml2confdata/nat-network-dns-forwarder-no-resolv.conf
@ -0,0 +1,12 @@
+##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
+##    virsh net-edit default
+## or other application using the libvirt API.
+##
+## dnsmasq conf file created by libvirt
+strict-order
+server=/example.com/192.168.1.1
+except-interface=lo
+bind-dynamic
+interface=virbr0
+addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
--- a/tests/networkxml2confdata/nat-network-dns-forwarder-no-resolv.xml
+++ b/tests/networkxml2confdata/nat-network-dns-forwarder-no-resolv.xml
@ -0,0 +1,11 @@
+<network>
+  <name>default</name>
+  <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+  <forward mode='nat'/>
+  <bridge name='virbr0' stp='on' delay='0'/>
+  <dns>
+    <forwarder domain='example.com' addr='192.168.1.1'/>
+  </dns>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+  </ip>
+</network>
--- a/tests/networkxml2confdata/nat-network-dns-forwarders.conf
+++ b/tests/networkxml2confdata/nat-network-dns-forwarders.conf
@ -5,11 +5,11 @@
 ##
 ## dnsmasq conf file created by libvirt
 strict-order
-no-resolv
 server=8.8.8.8
 server=8.8.4.4
 server=/example.com/192.168.1.1
 server=/www.example.com/#
+no-resolv
 except-interface=lo
 bind-dynamic
 interface=virbr0
--- a/tests/networkxml2conftest.c
+++ b/tests/networkxml2conftest.c
@ -137,6 +137,7 @@ mymain(void)
    DO_TEST("nat-network-dns-hosts", full);
    DO_TEST("nat-network-dns-forward-plain", full);
    DO_TEST("nat-network-dns-forwarders", full);
+    DO_TEST("nat-network-dns-forwarder-no-resolv", full);
    DO_TEST("nat-network-dns-local-domain", full);
    DO_TEST("dhcp6-network", dhcpv6);
    DO_TEST("dhcp6-nat-network", dhcpv6);
--- a/tests/networkxml2xmlin/nat-network-dns-forwarder-no-resolv.xml
+++ b/tests/networkxml2xmlin/nat-network-dns-forwarder-no-resolv.xml
@ -0,0 +1,11 @@
+<network>
+  <name>default</name>
+  <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+  <forward mode='nat'/>
+  <bridge name='virbr0' stp='on' delay='0'/>
+  <dns>
+    <forwarder domain='example.com' addr='192.168.1.1'/>
+  </dns>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+  </ip>
+</network>
--- a/tests/networkxml2xmlout/nat-network-dns-forwarder-no-resolv.xml
+++ b/tests/networkxml2xmlout/nat-network-dns-forwarder-no-resolv.xml
@ -0,0 +1,11 @@
+<network>
+  <name>default</name>
+  <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+  <forward mode='nat'/>
+  <bridge name='virbr0' stp='on' delay='0'/>
+  <dns>
+    <forwarder domain='example.com' addr='192.168.1.1'/>
+  </dns>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+  </ip>
+</network>
--- a/tests/networkxml2xmltest.c
+++ b/tests/networkxml2xmltest.c
@ -141,6 +141,7 @@ mymain(void)
    DO_TEST("nat-network-dns-hosts");
    DO_TEST("nat-network-dns-forward-plain");
    DO_TEST("nat-network-dns-forwarders");
+    DO_TEST("nat-network-dns-forwarder-no-resolv");
    DO_TEST("nat-network-forward-nat-address");
    DO_TEST("nat-network-forward-nat-no-address");
    DO_TEST("8021Qbh-net");